Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/Y3rckJedRxRAxrzRgK4vVltglwg.roa
File:                     Y3rckJedRxRAxrzRgK4vVltglwg.roa (raw, json)
Hash identifier:          eHtnNlleecqHwkbqKfVnrPIAjwsccqzScEtWboWU/1s=
Subject key identifier:   63:7A:DC:90:97:9D:47:14:40:C6:BC:D1:80:AE:2F:56:5B:60:97:08
Certificate issuer:       /CN=5873b598550df5bfdbc99a7a1e396c3495bda83b
Certificate serial:       018CC726F6C9FAE402B3B31ECCD0BBD4B0FF
Authority key identifier: 58:73:B5:98:55:0D:F5:BF:DB:C9:9A:7A:1E:39:6C:34:95:BD:A8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WHO1mFUN9b_byZp6HjlsNJW9qDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/Y3rckJedRxRAxrzRgK4vVltglwg.roa
Signing time:             Mon 01 Jan 2024 22:31:08 +0000
ROA not before:           Mon 01 Jan 2024 22:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        130.82.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/WHO1mFUN9b_byZp6HjlsNJW9qDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/WHO1mFUN9b_byZp6HjlsNJW9qDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WHO1mFUN9b_byZp6HjlsNJW9qDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f6:c9:fa:e4:02:b3:b3:1e:cc:d0:bb:d4:b0:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5873b598550df5bfdbc99a7a1e396c3495bda83b
        Validity
            Not Before: Jan  1 22:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=637adc90979d471440c6bcd180ae2f565b609708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6d:29:d3:61:dd:dd:56:cb:51:1a:99:da:15:
                    2c:3f:cd:f9:a3:c2:0e:31:8e:30:91:fd:d5:50:ca:
                    f2:0d:37:91:64:74:ca:cc:b0:01:0c:65:a6:62:b9:
                    49:2b:de:e2:25:0f:4d:33:59:d9:07:e9:1a:39:ec:
                    f1:ac:63:fe:6f:4e:2b:4b:c0:87:79:13:47:ee:2f:
                    e3:6b:8b:92:41:42:ce:9a:ce:07:7e:84:d1:a2:94:
                    3f:e5:12:6a:8f:ca:1e:49:bb:9f:11:77:3a:31:2d:
                    d5:6c:1b:ac:81:f6:07:62:29:fb:4f:c8:ee:d0:94:
                    ce:4f:55:d9:a9:b2:12:bc:9f:a0:8b:bf:ae:92:6e:
                    c1:43:6e:13:59:24:34:0c:8e:71:63:74:43:05:89:
                    00:82:69:65:50:b2:03:94:66:4e:bf:6b:bb:28:e0:
                    5b:3a:d5:34:f1:ae:88:e0:f6:b6:b4:1f:c6:2f:c0:
                    6a:2a:c1:95:8e:bf:b6:67:78:c6:c6:41:c7:ec:83:
                    2f:3c:d8:0a:30:77:d2:2f:24:bc:f3:de:06:db:a0:
                    1c:1f:2a:fa:50:ef:e6:c1:9e:4e:0c:41:60:c0:0f:
                    30:e3:6e:d6:ae:5d:e1:76:c9:1a:be:85:08:e2:0a:
                    b4:90:8f:c6:12:92:32:28:81:32:77:e1:c2:92:ad:
                    25:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7A:DC:90:97:9D:47:14:40:C6:BC:D1:80:AE:2F:56:5B:60:97:08
            X509v3 Authority Key Identifier:
                keyid:58:73:B5:98:55:0D:F5:BF:DB:C9:9A:7A:1E:39:6C:34:95:BD:A8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WHO1mFUN9b_byZp6HjlsNJW9qDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/Y3rckJedRxRAxrzRgK4vVltglwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/WHO1mFUN9b_byZp6HjlsNJW9qDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:e2:c0:64:96:ee:28:c4:42:f6:15:02:9f:6c:e1:02:2c:08:
         0c:d5:b7:d9:57:db:04:04:13:1b:5f:8d:f2:40:7d:b1:af:24:
         43:33:41:f6:7a:41:d5:e3:85:c4:34:f0:50:d0:f7:98:12:67:
         fa:85:87:ed:b6:23:0a:c6:58:2a:44:94:68:14:08:af:a6:02:
         fe:e4:3f:69:49:1e:85:fb:27:35:cd:cc:d4:fe:f0:22:96:69:
         bc:eb:63:d4:e2:54:aa:c3:94:98:d6:90:c7:24:ac:1e:72:20:
         04:05:ae:f8:4c:e2:bf:1d:61:4b:4c:b6:90:4d:be:f3:33:5a:
         03:b7:ba:bb:96:61:a9:51:b9:8f:f0:ce:83:4d:56:b5:68:16:
         90:28:ff:7d:ae:b1:d4:ac:1c:52:4c:e9:41:63:07:1f:87:fd:
         81:29:bf:c8:7a:39:bd:0e:f7:12:88:5a:1a:74:83:22:80:dc:
         75:4c:e6:07:a2:0e:df:b4:88:fe:4b:bf:32:b8:fa:bd:11:5b:
         7a:e1:a7:45:c2:b5:28:a2:74:f0:39:42:61:1a:05:fe:9a:16:
         f6:4a:60:0a:a1:e1:a4:8c:93:b9:63:50:3e:c4:a6:2b:a0:1d:
         fe:ef:af:c9:97:42:31:1b:92:f1:22:d0:29:f0:14:53:bf:e6:
         7f:ef:fc:5a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJvbJ+uQCs7MezNC71LD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NzNiNTk4NTUwZGY1YmZkYmM5OWE3YTFlMzk2YzM0OTVi
ZGE4M2IwHhcNMjQwMTAxMjIzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzdhZGM5MDk3OWQ0NzE0NDBjNmJjZDE4MGFlMmY1NjViNjA5NzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlm0p02Hd3VbLURqZ2hUsP835o8IO
MY4wkf3VUMryDTeRZHTKzLABDGWmYrlJK97iJQ9NM1nZB+kaOezxrGP+b04rS8CH
eRNH7i/ja4uSQULOms4HfoTRopQ/5RJqj8oeSbufEXc6MS3VbBusgfYHYin7T8ju
0JTOT1XZqbISvJ+gi7+ukm7BQ24TWSQ0DI5xY3RDBYkAgmllULIDlGZOv2u7KOBb
OtU08a6I4Pa2tB/GL8BqKsGVjr+2Z3jGxkHH7IMvPNgKMHfSLyS8894G26AcHyr6
UO/mwZ5ODEFgwA8w427Wrl3hdskavoUI4gq0kI/GEpIyKIEyd+HCkq0lZwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGN63JCXnUcUQMa80YCuL1ZbYJcIMB8GA1UdIwQY
MBaAFFhztZhVDfW/28maeh45bDSVvag7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0hPMW1GVU45Yl9ieVpwNkhqbHNOSlc5cURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xNDIzOGQtODU5MS00NzFmLTg5NWIt
MTc2OWQxOTk0ZGY2LzEvWTNyY2tKZWRSeFJBeHJ6UmdLNHZWbHRnbHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xNDIzOGQtODU5MS00NzFmLTg5NWItMTc2OWQxOTk0ZGY2
LzEvV0hPMW1GVU45Yl9ieVpwNkhqbHNOSlc5cURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAglIwDQYJ
KoZIhvcNAQELBQADggEBACbiwGSW7ijEQvYVAp9s4QIsCAzVt9lX2wQEExtfjfJA
fbGvJEMzQfZ6QdXjhcQ08FDQ95gSZ/qFh+22IwrGWCpElGgUCK+mAv7kP2lJHoX7
JzXNzNT+8CKWabzrY9TiVKrDlJjWkMckrB5yIAQFrvhM4r8dYUtMtpBNvvMzWgO3
uruWYalRuY/wzoNNVrVoFpAo/32usdSsHFJM6UFjBx+H/YEpv8h6Ob0O9xKIWhp0
gyKA3HVM5geiDt+0iP5LvzK4+r0RW3rhp0XCtSiidPA5QmEaBf6aFvZKYAqh4aSM
k7ljUD7EpiugHf7vr8mXQjEbkvEi0CnwFFO/5n/v/Fo=
-----END CERTIFICATE-----